Our small business has been growing and I have been asked to check on training for our annual computing security training for all users.
So before I spend a bunch of time I really don't have building some training, I wanted to check with the community to see if anyone has purchased training from an outside vendor and what you thought of the training. As I might want to contact them for training, please also include the name of the company.
Why not do it yourself? One of my former jobs was as the Cyber Security Division Director for a large industrial plant. They hired about 25-30 people each month so the new employee orientation classes were big presentations that lasted 3 days. Even though I was the cyber director I had to sit through the Information Assurance Training. It was horrible. It was an hour long video that looked like it had been shot over a decade ago. The information was outdated and the entire class had lost interest. I saw people sleeping, playing on their phones, doodling, etc.,. As the Cyber Director I was embarrassed that this was our training.
I texted my boss during the presentation and told her this would be the last time anyone saw that video. The next month I had my employees down there briefing the group, I did this for several reasons:
1) It put a face to a name in Cyber Security. I didn't want our image to be that of just being the "bad guys" who took away your access when an incident occurred. I wanted the group to be approachable.
2) I wanted for my team to be able to respond to questions about current events in cybersecurity, not be locked in to cyber prevention that was 10 years old.
3) I wanted my employees to get more experience giving presentations so it would help their future careers.
4) I wanted to make it more interesting. I even took my turns giving the presentation. I brought in a laptop running Kali, a wireless directional antenna, another laptop running Flying Squirrel and Wireshark. I asked the group "How much does it cost to be a hacker?" I showed them that with under a $100 worth of materials I could hack. When I pointed out to the group that their phones were broadcasting beacons looking for their home wireless routers they were amazed that even though they weren't at home, their phones were still periodically checking for the router.
This kind of interactive "presentation" did more to keep the group interested and asking questions than any boring hour long video could have. I would have people follow up with my group asking about home use anti-virus, other home-use programs we had available, asking about how to make their home set-ups more secure, how to properly dispose of old hard drives they had at home (I let them bring them in and watch them being destroyed!). This increased the cyber security awareness of the entire plant.
If you just look to bring in a vendor to do this for you, you may be missing out on an important chance to connect with your users and tailor the presentation to your company.